Merge pull request #5 from renesas/renesas-1-2-security-patch
1.2 Security Patch
michaelthomasj authored Apr 21, 2021
2 parents e7b3643 + df6b595 commit 92e16df
Showing 9 changed files with 76 additions and 105 deletions.
39 changes: 2 additions & 37 deletions bl2/ext/mcuboot/bl2_main.c
Expand Up @@ -29,6 +29,7 @@
#include "flash_map_backend/flash_map_backend.h"
#include "boot_hal.h"
#include "uart_stdout.h"
#include "rm_mcuboot_port.h"

/* Avoids the semihosting issue */
#if defined (__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050)
Expand All @@ -43,43 +44,7 @@ __asm(" .global __ARM_use_no_argv\n");

/* Static buffer to be used by mbedtls for memory allocation */
static uint8_t mbedtls_mem_buf[BL2_MBEDTLS_MEM_BUF_LEN];

static void do_boot(struct boot_rsp *rsp)
{
struct boot_arm_vector_table *vt;
uintptr_t flash_base;
int rc;

/* The beginning of the image is the ARM vector table, containing
* the initial stack pointer address and the reset vector
* consecutively. Manually set the stack pointer and jump into the
* reset vector
*/
rc = flash_device_base(rsp->br_flash_dev_id, &flash_base);
assert(rc == 0);

if (rsp->br_hdr->ih_flags & IMAGE_F_RAM_LOAD) {
/* The image has been copied to SRAM, find the vector table
* at the load address instead of image's address in flash
*/
vt = (struct boot_arm_vector_table *)(rsp->br_hdr->ih_load_addr +
rsp->br_hdr->ih_hdr_size);
} else {
/* Using the flash address as not executing in SRAM */
vt = (struct boot_arm_vector_table *)(flash_base +
rsp->br_image_off +
rsp->br_hdr->ih_hdr_size);
}

#if MCUBOOT_LOG_LEVEL > MCUBOOT_LOG_LEVEL_OFF
stdio_uninit();
#endif

/* This function never returns, because it calls the secure application
* Reset_Handler().
*/
boot_platform_quit(vt);
}
int bl2_main(void);

int bl2_main(void)
{
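Review bot: With do_boot() deleted, nothing left in this file says where the image is now entered; the only addition is `#include "rm_mcuboot_port.h"`, so presumably the jump lives in the Renesas port, but the hunk gives no hint and bl2_main() continues outside it. A one-line comment next to the include would save the next reader a search, e.g. `/* do_boot() moved out of this file; see rm_mcuboot_port.h */` — assuming that is indeed where it went. The removed body only guarded flash_device_base() with assert(), which compiles out of release builds; if the port reproduces that logic, it should test the return code explicitly before deriving the vector table address from it.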
40 changes: 15 additions & 25 deletions secure_fw/spm/cmsis_func/arch.c
Expand Up @@ -10,7 +10,7 @@
#include "tfm/tfm_spm_services.h"

#if defined(__ICCARM__)
uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t lr, uint32_t *msp);
uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return);
#pragma required=tfm_core_svc_handler
#endif

Expand Down Expand Up @@ -308,26 +308,23 @@ __attribute__((naked)) void SVC_Handler(void)
#if !defined(__ICCARM__)
".syntax unified \n"
#endif
"MRS r0, PSP \n"
"MRS r2, MSP \n"
"MOVS r1, #4 \n"
"MOV r3, lr \n"
"TST r1, r3 \n"
"MRS r0, MSP \n"
"MOV r2, lr \n"
"MOVS r3, #8 \n"
"TST r2, r3 \n"
"BNE from_thread \n"
/*
* This branch is taken when the code is being invoked from handler mode.
* This happens when a de-privileged interrupt handler is to be run. Seal
* the stack before de-privileging.
*/
"LDR r0, =0xFEF5EDA5 \n"
"MOVS r3, r0 \n"
"PUSH {r0, r3} \n"
/* Overwrite r0 with MSP */
"MOV r0, r2 \n"
"LDR r1, =0xFEF5EDA5 \n"
"MOVS r3, r1 \n"
"PUSH {r1, r3} \n"
"from_thread: \n"
"MOV r1, lr \n"
"MRS r1, PSP \n"
"BL tfm_core_svc_handler \n"
"MOVS r1, #4 \n"
"MOVS r1, #8 \n"
"TST r1, r0 \n"
"BNE to_thread \n"
/*
Expand All @@ -345,18 +342,11 @@ __attribute__((naked)) void SVC_Handler(void)
__attribute__((naked)) void SVC_Handler(void)
{
__ASM volatile(
"MOVS r0, #4 \n" /* Check store SP in thread mode to r0 */
"MOV r1, lr \n"
"TST r0, r1 \n"
"BEQ handler \n"
"MRS r0, PSP \n" /* Coming from thread mode */
"B sp_stored \n"
"handler: \n"
"BX lr \n" /* Coming from handler mode */
"sp_stored: \n"
"MOV r1, lr \n"
"BL tfm_core_svc_handler \n"
"BX r0 \n"
"MRS r0, MSP \n"
"MRS r1, PSP \n"
"MOV r2, lr \n"
"BL tfm_core_svc_handler \n"
"BX r0 \n"
);
}
#endif
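Review bot: The second SVC_Handler variant (the `MRS r0, MSP` / `MRS r1, PSP` / `MOV r2, lr` body at the end of the section) now services a handler-mode SVC that the old `BX lr` path rejected outright, and it does so without the stack seal that the first variant pushes before de-privileging. tfm_core_svc_handler in the library model does not panic on a clear EXC_RETURN.MODE bit, it just falls back to MSP, so a TFM_SVC_DEPRIV_REQ issued from handler mode on this target would run unsealed; whether the baseline port can ever issue one is not visible from the hunk. Either that path should be rejected explicitly (a `tfm_core_panic()` on `!(exc_return & EXC_RETURN_MODE)` in the C handler, as the IPC model does) or the seal logic needs to be mirrored here. A comment above `MRS r0, MSP` noting that stack selection moved into tfm_core_svc_handler would also help, since the inline check that used to explain the sequence is gone.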
27 changes: 19 additions & 8 deletions secure_fw/spm/cmsis_func/tfm_core_svcalls_func.c
Expand Up @@ -29,15 +29,26 @@ extern int32_t platform_svc_handlers(tfm_svc_number_t svc_num,
*/
#include "tfm_secure_irq_handlers.inc"

uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t lr, uint32_t *msp)

uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return)
{
uint8_t svc_number = 0;
uint32_t *svc_args = msp;
uint32_t retval = exc_return;

if ((exc_return & EXC_RETURN_MODE) && (exc_return & EXC_RETURN_SPSEL)) {
/* Use PSP when both EXC_RETURN.MODE and EXC_RETURN.SPSEL are set */
svc_args = psp;
} else {
svc_args = msp;
}

/*
* Stack contains:
* r0, r1, r2, r3, r12, r14 (lr), the return address and xPSR
* First argument (r0) is svc_args[0]
*/
if (is_return_secure_stack(lr)) {
if (is_return_secure_stack(exc_return)) {
/* SV called directly from secure context. Check instruction for
* svc_number
*/
Expand All @@ -51,10 +62,10 @@ uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t lr, uint32_t *msp)
}
switch (svc_number) {
case TFM_SVC_SFN_REQUEST:
lr = tfm_spm_partition_request_svc_handler(svc_args, lr);
retval = tfm_spm_partition_request_svc_handler(svc_args, exc_return);
break;
case TFM_SVC_SFN_RETURN:
lr = tfm_spm_partition_return_handler(lr);
retval = tfm_spm_partition_return_handler(exc_return);
break;
case TFM_SVC_GET_CALLER_CLIENT_ID:
tfm_spm_get_caller_client_id_handler(svc_args);
Expand All @@ -63,10 +74,10 @@ uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t lr, uint32_t *msp)
tfm_spm_request_handler((struct tfm_state_context_t *)svc_args);
break;
case TFM_SVC_DEPRIV_REQ:
lr = tfm_spm_depriv_req_handler(svc_args, lr);
retval = tfm_spm_depriv_req_handler(svc_args, exc_return);
break;
case TFM_SVC_DEPRIV_RET:
lr = tfm_spm_depriv_return_handler(msp, lr);
retval = tfm_spm_depriv_return_handler(msp, exc_return);
break;
case TFM_SVC_PSA_WAIT:
tfm_spm_psa_wait(svc_args);
Expand All @@ -85,12 +96,12 @@ uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t lr, uint32_t *msp)
break;
default:
#ifdef PLATFORM_SVC_HANDLERS
svc_args[0] = platform_svc_handlers(svc_num, svc_args, lr);
svc_args[0] = platform_svc_handlers(svc_num, svc_args, exc_return);
#endif
break;
}

return lr;
return retval;
}

void tfm_access_violation_handler(void)
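Review bot: The rewritten default case `svc_args[0] = platform_svc_handlers(svc_num, svc_args, exc_return);` passes `svc_num`, but the only local carrying that value is `svc_number`, declared at the top of the function; unless `svc_num` is a macro or global defined outside the hunk, this does not compile when PLATFORM_SVC_HANDLERS is defined, which suggests that configuration is never built. If so, `svc_args[0] = platform_svc_handlers(svc_number, svc_args, exc_return);` is the intended line. Two smaller points: the initializer in `uint32_t *svc_args = msp;` is dead because both branches of the following if/else assign it, and unlike the IPC handler this one silently accepts a handler-mode entry by reading the frame from MSP — a comment such as `/* Handler-mode entry (presumably the de-privileged IRQ path) reads its frame from MSP */` would record that this is deliberate rather than an omission.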
19 changes: 6 additions & 13 deletions secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
Expand Up @@ -85,25 +85,18 @@ void tfm_arch_init_actx(struct tfm_arch_ctx_t *p_actx,
}

#if defined(__ICCARM__)
uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t exc_return);
uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return);
#pragma required = tfm_core_svc_handler
#endif

__attribute__((naked)) void SVC_Handler(void)
{
__ASM volatile(
"MOVS r0, #4 \n" /* Check store SP in thread mode to r0 */
"MOV r1, lr \n"
"TST r0, r1 \n"
"BEQ handler \n"
"MRS r0, PSP \n" /* Coming from thread mode */
"B sp_stored \n"
"handler: \n"
"BX lr \n" /* Coming from handler mode */
"sp_stored: \n"
"MOV r1, lr \n"
"BL tfm_core_svc_handler \n"
"BX r0 \n"
"MRS r0, MSP \n"
"MRS r1, PSP \n"
"MOV r2, lr \n"
"BL tfm_core_svc_handler \n"
"BX r0 \n"
);
}

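Review bot: The old `/* Check store SP in thread mode to r0 */` comment went away with the inline check, leaving the new five-instruction SVC_Handler body uncommented, and since this naked stub is the only place the register contract with the C code is visible, a reader has to open tfm_core_svc_handler to learn why both stack pointers are passed. Add above `MRS r0, MSP`: `/* Pass MSP, PSP and EXC_RETURN; the C handler selects the frame from EXC_RETURN.MODE/SPSEL */`. Note that this body is now instruction-for-instruction the same as the v8-M base and main variants in this commit.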
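--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
@@ -23,6 +23,13 @@
 /* Initial EXC_RETURN value in LR when a thread is loaded at the first time */
 #define EXC_RETURN_THREAD_S_PSP 0xFFFFFFFD
 
+/* Exception return behavior */
+
+/* stack pointer used to restore context: 0=MSP 1=PSP. */
+#define EXC_RETURN_SPSEL (1UL << 2)
+/* processor mode for return: 0=Handler mode 1=Thread mod. */
+#define EXC_RETURN_MODE (1UL << 3)
+
 struct tfm_arch_ctx_t {
 uint32_t r8;
 uint32_t r9;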
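Review bot: The comment on EXC_RETURN_MODE ends in a truncated word, `0=Handler mode 1=Thread mod.`; it should read `/* processor mode for return: 0=Handler mode 1=Thread mode. */`. More importantly, these two masks are tested in the shared C handlers (tfm_core_svcalls_ipc.c and tfm_core_svcalls_func.c) yet this commit adds them only to the v6-M/v7-M header; unless the v8-M arch header already defines identical values (not visible here), the v8-M builds either fail or pick up a different definition, so a common location such as tfm_arch.h would be safer. A short note that only the mode and SPSEL bits are consulted, and that other EXC_RETURN bits are deliberately ignored, would make the intended contract explicit.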
15 changes: 4 additions & 11 deletions secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
Expand Up @@ -108,23 +108,16 @@ void HardFault_Handler(void)
}

#if defined(__ICCARM__)
uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t exc_return);
uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return);
#pragma required = tfm_core_svc_handler
#endif

__attribute__((naked)) void SVC_Handler(void)
{
__ASM volatile(
"MRS r2, MSP \n"
"MOVS r1, #4 \n"
"MOV r3, lr \n"
"MOV r0, r2 \n"
"TST r1, r3 \n"
"BEQ handler \n"
/* If SVC was made from thread mode, overwrite r0 with PSP */
"MRS r0, PSP \n"
"handler: \n"
"MOV r1, lr \n"
"MRS r0, MSP \n"
"MRS r1, PSP \n"
"MOV r2, lr \n"
"BL tfm_core_svc_handler \n"
"BX r0 \n"
);
12 changes: 4 additions & 8 deletions secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
Expand Up @@ -94,20 +94,16 @@ void SecureFault_Handler(void)
}

#if defined(__ICCARM__)
uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t exc_return);
uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return);
#pragma required = tfm_core_svc_handler
#endif

__attribute__((naked)) void SVC_Handler(void)
{
__ASM volatile(
"MRS r2, MSP \n"
/* Check store SP in thread mode to r0 */
"TST lr, #4 \n"
"ITE EQ \n"
"MOVEQ r0, r2 \n"
"MRSNE r0, PSP \n"
"MOV r1, lr \n"
"MRS r0, MSP \n"
"MRS r1, PSP \n"
"MOV r2, lr \n"
"BL tfm_core_svc_handler \n"
"BX r0 \n"
);
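Review bot: After this change the SVC_Handler bodies in tfm_arch_v6m_v7m.c, tfm_arch_v8m_base.c and this file are identical (`MRS r0, MSP` / `MRS r1, PSP` / `MOV r2, lr` / `BL tfm_core_svc_handler` / `BX r0`), and the ICCARM prototype block is duplicated alongside each. Three copies of a security-critical stub invite exactly the kind of divergence this patch is repairing; consider one shared definition in a common arch file, or at least a comment in each copy pointing at the other two so a future fix lands in all of them. The removed `ITE` sequence was the only Thumb-2-specific part, so the new body already compiles on all three targets.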
17 changes: 16 additions & 1 deletion secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
Expand Up @@ -118,9 +118,24 @@ static int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx,
return PSA_SUCCESS;
}

uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t exc_return)

uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return)
{
tfm_svc_number_t svc_number = TFM_SVC_SFN_REQUEST;
uint32_t *svc_args = msp;

if (!(exc_return & EXC_RETURN_MODE)) {
/* Calling SVC from Handler Mode is not supported */
tfm_core_panic();
}

if ((exc_return & EXC_RETURN_MODE) && (exc_return & EXC_RETURN_SPSEL)) {
/* Use PSP when both EXC_RETURN.MODE and EXC_RETURN.SPSEL are set */
svc_args = psp;
} else {
svc_args = msp;
}

/*
* Stack contains:
* r0, r1, r2, r3, r12, r14 (lr), the return address and xPSR
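Review bot: The condition `if ((exc_return & EXC_RETURN_MODE) && (exc_return & EXC_RETURN_SPSEL))` re-tests EXC_RETURN_MODE right after the branch that calls tfm_core_panic() when it is clear, so the first operand only matters if tfm_core_panic() can return. If it is declared noreturn (not visible here) the test reduces to `if (exc_return & EXC_RETURN_SPSEL)`; if it is not, keep the test but say why, e.g. `/* re-check MODE: never read PSP if the panic hook returned */`. Either way, marking tfm_core_panic() `__attribute__((noreturn))` would guarantee that a platform panic hook which returns cannot fall through into servicing the request with a frame pointer the caller was not entitled to. The rest of tfm_core_svc_handler continues outside the hunk.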
5 changes: 3 additions & 2 deletions secure_fw/spm/cmsis_psa/tfm_svcalls.h
Expand Up @@ -12,11 +12,12 @@
/**
* \brief The C source of SVCall handlers
*
* \param[in] svc_args The arguments list.
* \param[in] msp MSP at SVCall entry.
* \param[in] psp PSP at SVCall entry.
* \param[in] exc_return EXC_RETURN value of the SVC.
*
* \returns EXC_RETURN value indicates where to return.
*/
uint32_t tfm_core_svc_handler(uint32_t *svc_args, uint32_t exc_return);
uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return);

#endif
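Review bot: The doc comment now lists msp and psp but does not say how the handler chooses between them, which is the substance of this patch and the contract the assembly stubs depend on. Extend the \brief with: `The SVC frame is read from psp when both EXC_RETURN.MODE and EXC_RETURN.SPSEL are set in exc_return, otherwise from msp; in the IPC model a call from handler mode is fatal.` — the last clause reflecting the tfm_core_panic() added in tfm_core_svcalls_ipc.c in this same commit.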
